LiveActive security incident?Get immediate response
CVE archive

December 2011

Browse CVE records published in December 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 358 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2011-4830: Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component...

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Published Dec 15, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4860: The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka t...

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.

Published Dec 17, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4809: Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before...

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

Published Dec 14, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4695: Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass...

Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Published Dec 7, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4827: Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to in...

Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php.

Published Dec 15, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4681: Opera before 11.60 does not properly consider the number of .

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.

Published Dec 7, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5268: connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a...

connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.

Published Dec 24, 2013 · Updated Aug 7, 2024